Re: Origin ASN seen vs Origin ASN in Whois Records Report?

["K. Sriram" <ksriram () nist gov>]

Heather:

This prior question from you (November 2008) was recently brought to our 
attention.
Sorry about this delayed response, but we thought it would still be 
worthwhile to share
pointers to some work that we are doing at NIST which relates closely to 
your question.

Earlier Bill Woodcock provided you with a link where the actual 
discrepancies
are listed. Our work at NIST focuses on the statistics of such anomalies,
with the intention of: (A) generating score cards for accuracy/consistency
of various registries, and (B) to glean the "good" data from what is 
available so that
BGP robustness algorithms that rely on the data can work more effectively.

We have done an analysis of registry information (RIRs, IRRs, RADB) and 
compared
it with that from trace data (RIBs, update history) from RIPE-RIS and 
routeviews.
We generate a variety of statistics on a per RIR basis (ARIN, RIPE, 
etc.) regarding
whether announced {prefix, origin AS} pairs in updates correspond with 
those in the registries.
We also report on whether the registered objects (NetHandle and AShandle 
in SWIP format
and inetnum, aut-num, and route in RPSL format) appear self-consistent 
or not.
We also looked at the NetHandles in ARIN that contain origin AS 
information, and have
performed comparisons of those with what was historically seen in BGP 
updates for
prefixes belonging to the ARIN region.
A variety of results and discussion related to all this are presented in 
this set of slides:
http://www.antd.nist.gov/bgp_security/publications/ARIN_NetHandle_OriginAS_Analysis.pdf 


You may also look into a presentation we made in January at NANOG-45.
There the focus was on BGP robustness algorithms that make combined use of
filtered "good" data from registries as well as long-term trace data.
http://www.nanog.org/meetings/nanog45/abstracts.php?pt=MTE5NSZuYW5vZzQ1&nm=nanog45

Here is a link for a detailed published paper related our NANOG-45 
presentation:
http://www.antd.nist.gov/pubs/NIST_BGP_Robustness.pdf
(This paper was published in the Proceedings of DHS S&T CATCH 2009 
conference.)

Please let me know if you have any specific questions concerning the above.
We are very interested in receiving feedback on how this work can be made
more useful from the perspective of what ISP needs are.

Sriram

K. Sriram 
+1 301 975 3973
http://www.antd.nist.gov/~ksriram/
-----------------------------------------------------

> From nanog-bounces () nanog org  Wed Nov 19 19:14:58 2008
Date: Wed, 19 Nov 2008 19:16:43 -0500
From: Heather Schiller <heather.schiller () verizonbusiness com>
Subject: Origin ASN seen vs Origin ASN in Whois Records Report?
To: gih () apnic net, nanog <nanog () nanog org>, info () BGPmon net

I don't know if a report like this already exists, but I haven't been 
able to find one.  Can someone (CIDR Report? BGPMon? PCH?) offer a 
report that shows the discrepencies in Origin ASN according to the whois 
records, and routes in the [global/public] routing table?  Publishing it 
on some regular interval would be even better.

ARIN makes available a list of prefixes with OriginAS.  I don't know if 
other RIR's do.

ftp://ftp.arin.net/pub/originAS/

To be clear.  I want a list of the prefixes where the actual origin ASN 
seen does not match the one in the whois record.  Inconsistent Origin is 
fair game here.  As a transit provider I'm interested in seeing what 
prefixes I am transiting for my customers that have this discrepancy, so 
something that shows the full path as part of the results would be most 
helpful.

Thanks,
--Heather